Medium severity6.5NVD Advisory· Published Jan 26, 2023· Updated Jun 17, 2026
CVE-2021-36539
CVE-2021-36539
Description
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Instructure/Canvas LMSdescription
Patches
Vulnerability mechanics
References
1- github.com/instructure/canvas-lms/issues/1905nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.